USDA Identity, Credential and Access Management
What We're Doing; Where We're Going
May 2010
  Simplifying Business Delivery
  Improving Our Security Posture
  Enabling Trust & Privacy
  Reducing Costs & Increasing Efficiency

United States Department of Agriculture
The People's Department
  7 Mission Areas
  29 Offices and Agencies
  125,000+ Employees & Contractors

Scope
Seven Mission Areas
  Farm and Foreign Agricultural Services
  Food, Nutrition and Consumer Services
  Food Safety
  Marketing and Regulatory Programs
  Natural Resources and Environment
  Research, Education and Economics
  Rural Development

Challenges
Information Technology
  Aging infrastructure
  Fragmented services
  Highly decentralized security operations
Information Sources
  Multiple, standalone
  Duplicative
  Incompatible

Environment
Foundational elements
  Agriculture Security Operations Center (ASOC)
  Enterprise Data Centers
  Communication, collaboration, productivity
  Mission systems

Historical Identity, Credential & Access Management
  User Identity: Joe Bloggs, J Blogg, Joseph Bloggs
  Credential: Joe.Bloggs Password1! 123456 JosephB Secret2#
  Access Rights: System Admin, Basic User, App Admin
  Applications: Domain Account, AgLearn, Time & Attendance

Identity, Credential & Access Management with a PIV Card and an ICAM Solution
  PIV card (figure): United States Government; Affiliation: Contractor; Agency/Department: Department of Agriculture; Expires: 2012OCT22
  User Identity: Joseph Bloggs 654321 123-54-6789 Active
  Credential: Bloggs, Joseph OCT2012 USDA G PIN=123456
  Access Rights: Employee, System Admin, Supervisor
  Applications: Domain Account, AgLearn, Time & Attendance

Taking Ownership of FICAM's Work

Defining Ownership
Review All Processes and Make Them Lean

Defining Ownership
Implement the Technical Architecture
  Architecture diagram labels: Supplemental Two-Factor HSPD-DM epacs OCIO ITS AD WCTS AD AgLearn Course Status FSA Application? NFC? NITC? HR Systems Person Model EIDS Enterprise Financial Application? 44 Active Directories? RISO Pilot Readiness Rollout FSA Application FS Adam eauthdb XeGov AD AgLearn

Defining Ownership
Improve the Access Control Processes
  Applications: Enterprise applications, Agency applications...
  Role Management
  Entitlement Provisioning
  Access Management
  Systems: Mainframes, Servers, Workstations, Blackberry devices...
  Access Enforcement
  Authorization
  Authentication
  Facilities Access Administration
  Facilities: Buildings, Rooms, Quarantine Areas...
  Compliance, Auditing and Reporting

Meticulous Attention
Getting to the Finish Line
Moving to Effective & Efficient Ways of Doing Business
  User: Joe, Carl, Joe, Alice, Tom, Betty
  HR System
  Enterprise Entitlement Management System
  Organization Position/Role: USDA Emp, FSA Emp, County Director, FSA Supervisor
  Application Roles (Examples): AgLearn User, AD User, PACS User, WebTA User, EmpowHR Emp, DCP Approver, CRP Approver, AgLearn S'visor, WebTA S'visor, EmpowHR S'visor
  Application Function (Examples):
    AgLearn: Create LP, Approve LP, Take Courses
    AD: Domain Acct
    epacs: Access to xyz
    WebTA: Create T&A, Create Leave, Approve T&A, Approve Leave
    EmpowHR: Create PD, Approve PD
    DCP: Approve App
    CRP: Approve App
One More Thought:
  If Joe changes position, what happens?
  If Joe retires, what happens?

Questions?